Storage control system

ABSTRACT

A storage control system has a host computer having one or more initiators; a storage controller having one or more targets and storage areas, and also having a security property for defining access relationships between the targets and the storage areas; and a management module for storing access correspondence relationships between the initiators and the targets. When the security property is set in the storage controller, the storage controller sets the access correspondence relationships in the management module based on the security property.

CROSS REFERENCES TO RELATED APPLICATIONS

This application relates to and claims priority from Japanese Patent Application No. 2005-274344, filed on Sep. 21, 2005, the entire disclosure of which is incorporated herein by reference.

BACKGROUND OF THE INVENTION

The present invention relates to a storage control system, where storage controllers and host computers are connected via a communication network, for controlling access between targets in the storage controllers and initiators in the host computers. The present invention also relates to a storage controller used in this storage control system.

Storage area networks (SANs), where storage controllers and host computers, which are front-end apparatuses relative to the storage controllers, are connected to each other via a Fibre Channel, are well known. Lately, an IP-SAN, which constructs a SAN using an IP network instead of Fibre Channel, has been proposed in order to achieve SAN objectives such as long distance connection. An IP-SAN enables communication using the iSCSI (Internet SCSI) as a communication protocol.

In IP-SANs, a storage controller connected to a communication network is sometimes accessed from an indefinite number of nodes that are connected to the same network as well as different networks. Therefore, enhancing security by controlling access between initiators, units issuing I/O commands; and targets, units receiving the I/O commands on the network is an object that should be achieved.

One example that achieves the above object is disclosed in Japanese Patent Laid-Open (Kokai) Publication No. 2002-63063. This publication discloses a storage area network management system. In the management system, a storage area network system, where plural host computers and storage apparatuses are connected via a switch, has an integrated management mechanism for performing integrated control of the storage area network. The integrated management mechanism, having information on access paths between the host computers and the storage apparatuses, notifies storage area network management mechanisms in the host computers of management information for the storage apparatuses based on the access path information. It also notifies an area setting mechanism in the switch of area information and notifies storage management mechanisms in the storage apparatuses of access control information for the host computers.

Meanwhile, Japanese Patent Laid-Open (Kokai) Publication No. 2001-265655 discloses a storage sub system for realizing a LUN security function, which is to prevent unauthorized accesses by limiting accessible logical units (LUN) for each host computer. The storage sub system has: one or more storage apparatuses in which one storage area corresponds to one or more logical units; a storage controller for controlling data reading and writing from and to the storage apparatuses; a management table for managing the logical units; and a memory for storing the management table. The management table includes: information for identifying the host computers; identification numbers for specifying logical units that the host computers are allowed to access; and virtual identification numbers that correspond to the logical unit identification numbers and correspondence relationships therebetween. The storage sub system determines whether to permit or deny host computer access by referring to the management table, especially the information for identifying the host computers.

SUMMARY OF THE INVENTION

In a communication network using iSCSI as a communication protocol, host computers (initiators) are identified by iSCSI names in order to realize LUN security. Meanwhile, in storage controllers, targets are created via a user interface (for example, a GUI) on a management console. The targets are also assigned iSCSI names. The storage controllers register, in memory, the iSCSI names of initiators that are allowed to access the targets and assign accessible logical units to the targets.

Incidentally, in an IP-SAN system using the iSCSI protocol, host computers and storage controllers do not have means for finding (“discovery”) connection destinations. Moreover, they do not have a function for notifying an indefinite number of devices on the network of iSCSI names.

If the host computers (initiators) know the IP addresses and TCP port numbers of the storage controllers (targets), they can obtain the iSCSI names of the targets. However, the iSCSI protocol does not provide a function for enabling the storage controllers (targets) to obtain the iSCSI names of the initiators. Accordingly, a storage controller administrator needs to set iSCSI name(s), set in host computer(s), in the storage controller. An iSCSI name consists of 223 letters at the maximum; therefore, manual setting of an iSCSI name may result in problems such as input mistakes.

One solution for the problem is to use an iSNS server service. An iSNS server has a function for classifying iSCSI initiators and iSCSI targets into groups called discovery domains, and provides the service of delivering the classification information to the initiators and the targets. With the iSNS server service, the initiators are informed of accessible targets. In order to realize this service, the iSCSI initiators and the iSCSI targets are registered as iSNS clients at the iSNS server. Based on the information registered by the clients, an iSNS server administrator creates discovery domains and registers the initiators and targets at the iSNS server while making groups with initiators and targets he/she intends to combine. Accordingly, an initiator is allowed to access an intended target based on the information from the iSNS server even if it is not informed of the IP address and the TCP port number of the intended target.

However, although setting of access relationships between the initiators and targets is easily performed by the iSNS server service, a storage controller administrator still has to set the correspondence relationships between the targets and initiators, the LUN security being set for both, separately from setting the correspondence relationships at the iSNS server. Consequently, if there is a time lag between setting at the iSNS server and setting of the LUN security in the storage controller, access settings in the iSNS server and that in the storage controller do not match.

Therefore, if LUN security that has been set for a storage controller is not reflected in the iSNS server, unnecessary login or retry requests are transmitted from initiators to the storage controller based on the pre-LUN-security-setting discovery information, degrading the performance of access to the storage controller.

Degradation of the access performance is also caused when host computers and storage controllers are connected via a fabric. Specifically, a host computer makes an inquiry to name server in the fabric about port addresses of accessible ports and tries to log into one of those port addresses. Because login is issued equally for target nodes in storage apparatuses, the aforementioned LUN security is set for the relevant storage controllers.

The storage controllers reject login from non-access-permitted servers but the servers keep retrying in spite of the rejection. When the timing of the zoning performed in the fabric is different from the LUN security setting timing, the login retry is repeated, thereby degrading the performance of access to the storage controllers.

Thereupon, it is an object of the present invention to provide a storage control system that can solve the above problem by incorporating the setting of access between initiators and targets connected to a communication network and the setting of LUN security for the targets. Another object of the present invention is to provide a storage control system that enables the instant reflection of access permission settings in storage controllers in the settings for access between the initiators and the targets.

In order to achieve the above object, the present invention is characterized in that, at the time of the setting (including original setting and updating) of the LUN security, a main processor in a storage controller establishes access relationships between initiators and targets based on LUN security information and reflects the access relationships in access management modules, such as an iSNS server.

The present invention provides a storage control system having: a host computer having one or more initiators; a storage controller having one or more targets and storage areas, and also having a security property for defining access relationships between the targets and the storage areas; and a management module for storing access correspondence relationships between the initiators and the targets. When the security property is set in the storage controller, the storage controller sets the access correspondence relationships in the management module based on the security property.

The present invention also provides a storage control system, in which a storage controller, a host computer, and a management module, having a first storage area defining access correspondence relationships between one or more targets in the storage controller and one or more initiators in the host computer, are connected to each other via a communication network, for controlling access between the initiators and the targets. The storage controller has: a port for receiving access from the host computer; a processor for processing information output from the port; a data storage apparatus for storing write data received from the host computer and/or read data transmitted to the host computer; and a second storage area for storing a LUN security property that defines correspondence relationships between the targets and one or more logical units in the data storage apparatus; and an access management list that defines correspondence relationships between the initiators and the targets. The processor sets the access correspondence relationships in the storage area based on the access management list.

As explained above, the present invention can solve the conventional problem caused by the delay in access setting by incorporating access setting between initiators and targets connected to a communication network and the setting of LUN security for the targets. According to the present invention, the access permission settings in storage controllers can be speedily reflected in access setting between the initiators and the targets.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a functional block diagram showing the structure of a storage control system.

FIG. 2 is a block diagram showing the hardware structure of a storage controller.

FIG. 3 is a functional block diagram showing an iSNS server.

FIG. 4 shows a device list table.

FIG. 5 shows an example of a discovery domain list table.

FIG. 6 shows an example of discovery domain configurations.

FIG. 7 is a functional block diagram illustrating LUN security set for the storage controller.

FIG. 8(1)-(6) each shows a group of control tables registered in a shared memory in the storage controller.

FIG. 9 is a flow chart illustrating the storage controller's setting of discovery domains in an iSNS server.

FIG. 10(1) and (2) each shows examples of discovery domain information transmitted from an initiator to a target.

FIG. 11 is a flow chart illustrating control of a path through which a storage controller according to the second embodiment accesses the iSNS server.

FIG. 12 is an example of a target network information table according to another embodiment of the present invention.

FIG. 13 is an example of other control tables that correspond to the target network information in FIG. 12.

FIG. 14 is a functional block diagram of a storage control system according to a third embodiment.

FIG. 15 is a flow chart illustrating the operation of a storage controller shown in FIG. 14.

DETAILED DESCRIPTION OF THE INVENTION

An embodiment of the present invention is explained below. The embodiment is merely an example and does not limit the scope of the present invention. FIG. 1 is a functional block diagram of the structure of a storage control system.

The storage control system has: a plurality of storage controllers 1 (a to c); a plurality of host computers 2 (a to c) as host systems; an Internet protocol communication network 30; a switch for connecting a plurality of network nodes to the communication network 30; a management console 4; and an iSNS server for managing identification information for the storage controllers 1 and the host computers 2 as well as the logical connection relationships therebetween. Incidentally, a network node is equipment connected to the network 30, such as the storage controllers 1, host computers 2, management console 4, the iSNS server 5 and the like.

The management console 4 is for managing a storage system composed of a plurality of storage apparatuses. The management console 4 can manage the individual storage controllers. The network 30, indicated by the elliptical dotted line for convenience, is a collective term used to refer to the switch 3 and a connection line for connecting the storage controllers 1, host computers 2 and the iSNS server 5 to the switch 3. The management console 4 is connected to the iSNS server 5 and the storage controllers 1 a, 1 b and 1 c via a LAN 4A.

Each of the storage controllers 1 (a to c) control an internally-provided disk storage apparatus and has a controller CTL10 (a to c) for servicing access requests from the host computers 2, and a logical unit LU (220 a, 220 b, 220 c and 221 a) accessed by the host computers 2.

Each host computer 2 is a computer having a CPU, memory and a network controller for connection to the network 30. In the memory, it has a table 2112 (a to c) for managing initiators.

FIG. 1 shows the system where the plural host computers and storage controllers are connected to an IP network. Because the iSNS server 5 manages access units in host computers and storage computers using names (iSCSI names), an access unit in a host computer can be connected to a permitted access unit in a storage controller. An access unit in a host controller is an access source relative to an access unit in a storage controller; therefore, it represents an initiator. Accordingly, an access unit in a storage controller represents a target.

A storage controller 1 is explained in detail below. FIG. 2 is a block diagram indicating the hardware structure of the storage controller 1. The storage controller 1 is, for example, a RAID (Redundant Array of Independent Inexpensive Disks) system and has one or more physical disk groups 39 as storage apparatuses, each group including a plurality of disk-shaped storage apparatuses arranged in arrays. The physical disk groups 39 provide physical storage areas to which one or more logical devices (hereinafter called “LDEV(s)”) 35, that is, logical storage areas are set. Each LDEV 35 is assigned with LDEV identification information (hereinafter called the “LDEV#”) and corresponds to a logical unit which can be specified by a host computer 2. Logical units are managed according to numbers, which are hereinafter referred to as the “Logical Unit Numbers (LUNs)”.

The storage controller 1 has one or more channel adapter sets 37, cache memory 43, shared memory 47, one or more disk adapter sets 41, and a switching control unit 45.

Each channel adapter set 37 includes plural (typically two) channel adapters (37A, 37B) having substantially the same structure. Accordingly, even if a host computer 2 cannot access a predetermined LDEV via the channel adapter 37A, it can still access the LDEV via the other channel adapter 37B. The same structure is applied to the disk adapter sets 41. The disk adapters 41A and 41B have substantially the same structure.

The channel adapter 37A has one or more (two, for example) iSCSI ports 38 via which the channel adapter 37A is connected to one or more host computers 2. It may be composed of a hardware circuit, software, or combination thereof and executes data communication between storage controllers 1 and host computers 2. An iSCSI port 38 is equipped with an interface 120, buffer 121, local memory 123, and a protocol processor 122.

The interface 120 has a cable socket, which is physically connected to the switch 3. The buffer 121 is a memory where data transmitted between host computers 2 and storage controllers 1 is temporarily stored.

The local memory 123 is, for example, a non-volatile memory and stores IP addresses, iSCSI names, and LUNs of logical units the iSCSI port 38 can access. The protocol processor 122 is connected to channel processors 40 via a predetermined internal bus (for example, PCI bus) so that they can communicate with each other, and executes protocol processing according to the iSCSI protocol based on the information in the buffer 121 and the local memory 123. Incidentally, a channel processor 40 may have the function of executing the protocol processing instead of protocol processor 122.

The channel adapter 37A is also equipped with one or more micro processors (hereinafter called the “channel processors”), which are connected to the respective iSCSI ports 38 to enable communication. Moreover, it is equipped with a micro processor adapter (hereinafter abbreviated as the “MPA”) 42, which is connected to the shared memory 47 to enable communication; and a data transfer adapter (hereinafter abbreviated as the “DTA”), which is connected to the cache memory 43 to enable communication. Transmission of control information (for example, messages between processors) between channel processors 40 and external processors (specifically, micro processors in the disk adapter 41A and 41B, not shown in the drawing) is conducted through the MPA 42.

When write data is written from a host computer 2 to an LDEV 35, or when read data, read from an LDEV 35, is output from the storage controller 1 to a host computer 2, the write data and the read data pass through the DTA 44.

Each channel processor 40, for example, executes polling of a control information storage area 50 in the shared memory 47 to obtain control information via the MPA 42, transmits read data stored in the cache memory 43 to a host computer 2, and stores write target data (write data) received from a host computer 2 in the cache memory 43.

The cache memory 43 is a volatile or non-volatile memory. It temporarily stores write data sent from a channel adapter 37A or 37B to a disk adapter 41A or 41B in a disk adapter set 41; and read data sent from the disk adapter 41A or 41B to the channel adapter 37A or 37B.

The shared memory 47 is a non-volatile memory and includes a control information storage area 50 and a data table group 51. The control information storage area 50 stores the control information as described above.

A disk adapter set 41 is provided for each physical disk group 39. Each of the disk adapters (41A, 41B) has one or more micro processors (not shown in the drawing) that execute processing to read or write data from or to an LDEV 35 having LDEV# corresponding to a LUN specified by a host computer 2.

The switching control unit 45 may be structured as a high-speed bus, such as a high-speed crossbar switch that executes data transmission by high-speed switching. The switching control unit 45 connects the channel adapters 37A and 37B, the disk adapters 41A and 41B, the shared memory 47 and the cache memory 43 to one another to enable communication therebetween. Accordingly, transmission of data and commands between them is conducted via the switching control unit 45.

When a storage controller 1 receives an I/O request from a host computer 2, it executes processing according to the content of the I/O request. The outline of the processing flow for the I/O request is explained below taking as an example a case where a host computer 2 issues an I/O request. If the I/O request is a read request, the following processing is conducted:

The I/O request, issued by the host computer 2, is stored in the buffer 121 in the iSCSI port 38. The relevant channel processor 40 reads the I/O request from the buffer 121 and judges whether the data (read data) requested to be read by the I/O request exists in the cache memory 43.

If the judgment result is positive, that is, if the read data exits in the cache memory 43 (cache hit), the relevant channel processor 40 obtains the read data via the DTA 44 from the cache memory 43 and transmits it to the host computer 2 via the iSCSI port 38.

Whereas, if the judgment result is negative, that is, if the read data does not exist in the cache memory 43 (cache miss), the relevant channel processor 40 stores in the shared memory 47, via the MPA 42, control information for instructing the micro processor (hereinafter called the “disk processor”) in the relevant disk adapter 41A to read the read data in a predetermined LDEV 35 out to the cache memory 43. When the relevant disk processor reads the control information, the read data is read from the predetermined LDEV 35 and stored in the cache memory 43. The relevant channel processor 40 then obtains the read data from the cache memory 43 and transmits it to the host computer 2.

Meanwhile, the following processing is conducted if the I/O request is a write request. An I/O request including write data output from a host computer 2 is stored in the buffer 121 in the iSCSI port 38. The relevant channel processor 40 reads the I/O request from the buffer 121 and judges whether the write data already exists in a predetermined area (hereinafter called the “predetermined cache slot”) in the cache memory 43.

If the judgment result is positive, that is, if the write data exists in a predetermined cache slot (cache hit), the relevant channel processor 40 overwrites the write data in the predetermined cache slot with the write data included in the read I/O request.

Whereas, if the judgment result is negative, that is, if the write data does not exist in the predetermined cache slot (cache miss), the relevant channel processor 40 instructs the drive control unit 41 to read the write data from an LDEV specified in the I/O request out to the cache memory 43. Then, when the disk adapter 41 reads the write data from the data storage area and stores it in the predetermined cache slot, the relevant channel processor 40 overwrites the data stored in the predetermined cache slot with the write data included in the I/O request.

When the write data is written in the cache memory 43 as above, a completion report is sent from the storage controller 1 to the host computer 2, assuming that the write request has been completed. Incidentally, at the time when the write data is written in the cache memory 43, the data normally is not reflected in a predetermined LDEV 35 but the relevant disk processor later reads the write data from the cache memory 43 and writes it in the predetermined LDEV.

FIG. 3 shows an example of the structure of the iSNS server 5. The iSNS server 5 has: a CPU 500 for controlling its entirety; a memory 501 for storing control data and control programs executed by the CPU 500; a network controller 502 for connection to the network 30; and a bridge 504 for controlling transfer of data and programs between the CPU 500 and the memory 501 as well as transfer of data between the network controller 502 and the memory 501. The memory 501 includes a control data area 511 and a control program area 512.

The control data area 511 is an area for storing various tables the CPU 500 refers to when executing control programs. It stores names (iSCSI names) of initiators and targets in iSCSI; and a management table 5111 where the connection relationships (discovery domain information) between the initiators and the targets are stored.

The control program area 512 is an area for storing control programs executed by the CPU 500. It stores: an operating system program 5120 which is a basic program creating the environment for executing the control programs; a TCP/IP program 5121 for executing network 30-using data transmission using TCP/IP protocol; a name management program 5122 for managing the names of iSCSI nodes (i.e., host computers 2 and storage controllers 1) connected to the network 30 as well as controlling correspondence relationships between iSCSI initiators and iSCSI targets; and a communication program 5123 for conducting communication for managing the names of the respective initiators and targets based on the iSCSI protocol specification. Instead of using iSNS server (iSCSI Name Server) 5, name server specifications other than iSNS may be used.

Device information for initiator(s) in a host computer 2 and target(s) in the storage controller 1, that are clients on the name server 5, is registered in the management table 5111 (FIG. 3) in the server. FIG. 4 shows an example of a device list table. In the device list table, control information including device names (iSCSI names) of devices (initiators and targets), IP addresses and device TCP port numbers, types (initiator/target), with or without entity state inquiry (ESI), and state change notification (SCN) is registered. In FIG. 4, AAAAA is an iSCSI name of an initiator A at a host computer 2 and BBBBB is an iSCSI name of a target B at a storage controller 1. A domain bit map is a flag which indicates whether or not the relevant device is registered in a discovery domain list table shown in FIG. 8 (6), which will be described later. A “control” is a flag indicating whether or not the iSNS server has management authority over the relevant device.

A discovery domain list table is also stored, as the management table 5111, in the control data area in the server. Discovery domain information refers to information defining the connection relationship between initiator(s) and target(s). FIG. 5 shows an example of a discovery domain list table, in which, an initiator A at a host computer A and a target C at a storage controller C are allocated to a group called domain X and an initiator B at a host computer B and a target D at a storage controller D are allocated to a group called domain Y. This structure is illustrated in FIG. 6. The initiator A is allowed to be connected to the target C in the same domain (group) but not to the target D in the different domain (group). The initiator B is allowed to be connected to the target D.

When the host computer A transmits a request for ‘discovery’, processing to search for a connection target, to the iSNS server, the iSNS server refers to the discovery domain list table and the device table and notifies the host computer A of the IP address and iSCSI name of the target C, which is to be connected to the initiator A.

If a SCN is registered in the device list table shown in FIG. 4, and if a new target or initiator has just been registered at the iSNS server as belonging to the discovery domain, or if there has been any change made in the domain group the target C belongs to, the nodes (initiators and targets) belonging to the same domain group are notified of the registration content of the discovery domain. Accordingly, an initiator at the host computer can know the names and addresses of accessible targets. The same can be said about targets. The initiator therefore can access the targets defined as belonging to the same domain group based on the iSCSI names. Incidentally, even when a SCN is registered in the device list table, if the LUN security is set for the storage controller without registering discovery domains at the iSNS server, the access limitation set in the iSNS server and the access limitation set in the storage controller do not match. The present invention intends to solve that problem.

The device list table shown in FIG. 4 is registered in the control data area in the iSNS server when an initiator or a target accesses the iSNS server. The discovery domain list table is created by an iSNS server administrator. Specifically, the discovery domain list table is created and registered based on information on a property screen created by the administrator using a user interface (for example, a GUI). As will be described later, when the LUN security is set in the storage controller, the storage controller reads the correspondence relationships between initiators and targets from the LUN security information and registers them in the discovery domain table shown in FIG. 5.

LUN security for a storage controller is explained below. FIG. 7 is a functional block diagram illustrating the LUN security set for the storage controller. In this figure, ports 38 (1A, 1B, 2A and 2B) are respectively assigned predetermined targets (1 to 5). A host group (HG) (1 to 5) is a management unit for defining correspondence relationships between a targets and LUs 220. A host group corresponds to specified logical unit(s). In one example, a port 2A is mapped onto a target 3 (HG3) and a target 4 (HG4). The target 3 is assigned a logical unit LU2. The target 4 is assigned logical units LU3 and LU 5.

The LUN security is realized by various control tables set in the control information storage area 50 in the shared memory 47 in the storage controller. FIG. 8 (1) is a target network information table, in which network information (IP address/TCP port #, iSNS server address) for ports, to which targets belong, is defined.

FIG. 8 (2) is a target list table. In the storage controller, targets are set as host groups (HG) so that they are related to initiators, which are allowed to access the targets. In the table, one host group corresponds to one iSCSI name of a target iSCSI name. A port the target belongs to is also defined in the table. According to FIG. 7 and the table in FIG. 8 (2), a port 1A is mapped onto host groups HG#1 and HG#2 so that the target BBBBB and the target CCCCC can be seen from the port 1A. Incidentally, in FIG. 8 (2), “00” in the section DD indicates that a host group has not been set yet.

FIG. 8 (3) shows an initiator list table. An initiator is given permission to access target(s) when a corresponding host group bit map is set in the table. For example, for the initiator AAAAA, a host group bit map is set to enable access to the target BBBBB (HG#1) and the target CCCCC (HG#2), both targets being mapped to the port 1A. FIG. 8 (4) shows an access list table. Each host group is assigned logical unit number(s) (LUNs) of accessible logical unit(s). Incidentally, AAAAA, BBBBB and CCCCC are iSCSI names of initiators and targets.

Initiator access to a specified target is explained below in detail. For example, when the initiator AAAAA logs into the target BBBBB, the target BBBBB stores, in an iSCSI name network connection conversion table, an iSCSI name and its connection information, that is, an IP address and a TCP port number, included in the login command. FIG. 8 (5) shows the conversion table. After the login, the storage controller identifies initiators based on this conversion table. Host group information (HG#) in the conversion table is obtained by referring to the initiator list table FIG. 8 (3).

Specifically, a channel processor 40 in a channel adapter connected to a storage controller port refers to the initiator list table and if it finds that the iSCSI name of the current initiator is registered in the initiator list table, it responds “permission” to the initiator. Whereas, if the iSCSI name is not registered in the table, it responds “rejection” to the initiator. At this time, the initiator iSCSI name network connection conversion table is created by the storage controller. Regarding post-login SCSI commands from the initiator, the storage controller deals with them based on the corresponding device (LUN) information in the access list table.

Once the initiator logs into the target, the storage controller can specify the iSCSI name of the initiator, thereby specifying a host group for the initiator in the initiator list table, and thereby specifying logical unit(s) (LUs) allocated to the host group by referring to the access list table in which the host group is registered. Incidentally, in the access list table, one host group may also correspond to one logical unit (LU).

Now the security setting performed by the storage controller is explained. First, the storage controller registers domain names in the discovery domain list table shown in FIG. 8 (6), and defines an entry # (DD), which is a management unit in classification for initiators and targets, for each of the domain names. Incidentally, the initiator list table in FIG. 8 (3), the initiator name network conversion table FIG. 8 (5), and the discovery domain list table FIG. 8 (6) are created by the processors (channel processors) in the storage controller and registered in the shared memory. The information for these control tables may be set in the iSNS server first, and then obtained by the storage controller, updated in the storage controller when the LUN security is set, and reflected in the iSNS server.

The storage controller 1 registers an entry # for each target that belongs to a domain name based on the discovery domain information. Specifically, DD # (01) is registered for the target BBBBB and DD # (02) is registered to for the target CCCCC in the target list table in FIG. 8 (2). Based on the discovery domain information, the storage controller 1 then registers, in the initiator list table (FIG. 8 (3)), a domain bit map for the initiators belonging to the domain names in such a manner that the domain bit map corresponds to the entry # of the targets allocated to the domain name.

Subsequently, the storage controller 1 identifies host groups that correspond to the specified entry # (DD#) in the target list table (FIG. 8 (2)) and enables a host group bit map of the initiator in the initiator list table (FIG. 8 (3)) so that the host group bit map corresponds to the host groups.

Specifically, as indicated in the initiator list table FIG. 8 (3), the storage controller 1 enables the host group bit map of the initiator MAM so that the initiator AAAAA corresponds to the host groups of the targets BBBBB and CCCCC. Bit 1 in a host group bit map corresponds to a host group 00, bit 2 corresponds to a host group 01, bit 3 corresponds to a host group 02, . . . and the final bit corresponds to a host group FF.

Specifically, if the host group bit map is registered as 0110000 . . . 0000, the initiator AAAAA corresponds to the targets BBBBB and CCCCC. Therefore, the initiator AAAAA can access only the target BBBBB (host group: 01) and the target CCCCC (host group: 02), both for which LUN security is set.

Now, setting or updating of discovery domain configuration information by the iSNS server based on discovery domain configuration change information, which the iSNS server is notified of by a storage controller when the aforementioned LUN security is set for the storage controller, is explained with reference to FIG. 9.

First, a host computer (initiator) and storage controllers (targets) establish TCP/IP connection with the iSNS server. The initiator registers its iSCSI name (AAAAA) and the targets register their iSCSI names (BBBBB and CCCCC) in the device list table (FIG. 4) in the iSNS server. They also register other parameters at the iSNS server (900).

Next, as shown in FIG. 1, when the management console 4 sets or updates LUN security (control tables shown in FIG. 8) for the storage controller 1 a, a controller CTL in the storage controller 1 a creates discovery domain information based on the control tables shown in FIG. 8 (902), and notifies the iSNS server of the information (906).

The storage controller creates the discovery domain information as follows. It groups initiator name(s) and target name(s) based on the initiator list table (FIG. 8 (3)) and the host groups (HG #) listed in the target list table (FIG. 8 (2)). Domain names in the discovery domain list table are determined according to the entry # (DD) in the target list table (FIG. 8 (2)).

In the present case, discovery domain information in which the initiator (AAAAA) and the target (BBBBB) are classified in the same domain (domain name: 0001) is created. The storage controller performs this processing for/on every entry # listed in the target list table (FIG. 8 (2)) (904), thereby creating discovery information for all domain groups. When the iSNS server is notified of the discovery domain information by the storage controller 1, it updates the discovery domains recorded in the management table 5111.

FIG. 10 (1) shows discovery domain information for the domain 001, which has been sent to the iSNS server and FIG. 10 (2) shows discovery domain information for the domain 002. When an initiator requests discovery of target information by the iSNS server, the iSNS server notifies the initiator of the iSCSI name(s) and the IP address(es) of the target(s). Based on that notified information, the initiator accesses an intended target for which the LUN security is set.

FIG. 11 is a flow chart illustrating a method for access from a storage controller to the iSNS server. Access from the storage controller to the iSNS server has two types: access through a management path (FIG. 14A) and access through a data path (30). The processor in the storage controller 1 judges whether the management path is in the connection state (1100), and if the judgment is negative, it accesses the iSNS server through the data path (1102). If the data path is not in the connection state either, the processor monitors the states of the paths until either of the paths recovers its connection state.

If the management path and the data path are both in the connection state (1104), the processor 40 in the storage controller calculates the management path data transmission load and the data path data transmission load (1106, 1108), uses the path with the lighter load (1110, 1112, 1114), and transmits the access setting information about access from the initiator to the target to the iSNS server. As a result, the security settings are automatically made or updated in the iSNS server based on the information from the storage controller. Incidentally, the management path and data path loads are path usage rates per unit of time, calculated from logs of their number of communications and communication data amounts.

When the security is set or any change is made in the security settings, that is, when the control tables shown in FIG. 8 are set or updated, the storage controller sets a control flag in a predetermined area in the cache memory, the flag indicating that the access property in the storage controller has to be set in the iSNS server. When the storage controller completes reflecting its security information in the control tables in the iSNS server, it resets the control flag. By monitoring the control flat at all times, the storage controller can reflect any change in its LUN security in the iSNS server speedily. Moreover, because the storage controller can set the control information in the iSNS server using a path with a light communication load, there will be no delay in setting the discovery domain in the iSNS server. When the iSNS server is notified of the discovery domain information from the storage controller, it sets a control flag indicating that the discovery domain information has to be updated or modified, and when it finishes the update or modification, it resets the flag. Because the iSNS server always monitors the control flag, it can update or modify specified discovery domain(s) speedily.

Another embodiment of the present invention is explained below. In this embodiment, the iSNS server is provided in the storage controller. The channel processors in the storage controller may deal with targets and initiators that access a predetermined port as the iSNS server's clients and centrally manage iSNS requests from the initiators and the targets together with the access setting information in the storage controller.

If an access target is a target inside the storage controller, the relevant channel processor need not involve the network, but only access the shared memory having the access setting information in order to access the internal iSNS server. Incidentally, targets include targets in the storage controller itself as well as those in other storage controllers. In the present case where the iSNS server is provided in the storage controller, the previous external iSNS server may be omitted or may be used together with the internal iSNS server. This configuration is explained below as another embodiment.

FIG. 12 shows a target network information table according to the present embodiment. In this table, the new sections “Server” and “Listen” have been added to the sections in the target network information table according to the previous embodiment. FIG. 13 shows other control tables corresponding to the present target network information table. In the present embodiment, an iSNS server function is connected to the port 2A in the block diagram of FIG. 7.

In the target network information table in FIG. 12, “Enable” in the “Server” section indicates that the iSNS server of the relevant port is enabled. In the table, the IP address of the iSNS server is 192.168.0.220, which is the same IP address as the target in the same storage controller. The TCP port number of the iSNS server is “3205,” indicated in the “Listen” section. Therefore, it is possible to judge whether an access to the port 2A is an access to the iSCSI target or an access to the iSNS server. This function is realized by the protocol processor 122 as shown in FIG. 2. Incidentally, the storage controller provides a user I/F for assigning initiators and targets, registered at the iSNS server, to discovery domains.

The iSNS server function accepts registration from other storage controllers (targets) and host computers (initiators). Accordingly, the iSNS server needs tables having information to identify initiators and targets that do not exist in the storage controller. In the target list table, if “00” is written in the “HG#” section, it means that the relevant host group is a device outside the present storage controller. Accordingly, when the iSNS server function receives an iSNS registration request from a target in an external storage controller, that target is registered as belonging to HG#00. In the discovery domain list table, “00” in the “Entry#” section indicates that the relevant host group does not belong to any domain group. This is the same in the previous embodiment.

Because there are some cases where initiators and targets first register themselves at the iSNS server and their discovery domains are then determined by the iSNS server, when they register at the iSNS server for the first time, they have the attribute “00”. When their discovery domains are then defined in the iSNS server, domain bit maps and target entry # are updated in the initiator list table based on the defined content.

In the access list table, if a target is a target in an external storage controller, in other words, if the present storage controller operates only as the iSNS server, “FF: FF” is written the “CU: LDEV” section. Even when targets in external storage controllers are registered at the iSNS server, the target names are registered in the target list table, therefore, whether or not a registered target is a target managed in the present storage controller or a target managed in another storage controller is determined by what is entered in the “CU: LDEV” section. If the target is the one in the external storage controller, it is not subject to the LUN security.

In case of an external host computer or an external storage controller, an initiator or a target therein establishes TCP connection with the iSNS server at the port 2A and registers at the iSNS server. Information registered includes an IP address/TCP port number and iSCSI name or the like. Then, the initiator or the target is allocated to a discovery domain as instructed via the user I/F (for example, a GUI) provided by the storage controller.

For example, if a port 2B registers at the iSNS server at the port 2A, the same iSNS server address as that for the port A is entered in the “iSNS server address” section in the target network information table. When a target is the port 2B, for example, the target (port 2B) does not have to establish TCP connection to the iSNS server (port 2A) or register at the iSNS server because necessary updates have been already conducted in the respective tables by the storage controller.

Specifically, when setting a target in a storage controller, if the iSNS server IP address for the target (192.168.100.220 for port 2B) matches any iSNS IP address of ports whose “Server” section is set to “Enable” in the target network information table (in the present case, the iSNS server IP address of the port 2A matches that of the port 2B), the target can omit TCP connection establishment and registration at the iSNS server. In the present case where the iSNS server is provided inside the storage controller, security setting for a storage controller is performed in the same manner as shown in FIG. 9.

With the storage controller having the iSNS server provided therein, the LUN security settings made for the storage controller by an administrator can be reflected in the discovery domains in the iSNS server speedily.

Now a third embodiment of the present invention is explained. The third embodiment is different from the aforementioned embodiments in that a fabric is used as a management module instead of an iSNS server. FIG. 14 shows the third embodiment. A reference numeral 130 indicates a switch. A port (WWN1) of a server 1 a is connected to a port #0 and a port (WWN2) of a server 1 b is connected to a port #2.

A port (WWN3) of the storage controller 1 a is connected to a port #1. In the storage controller 1 a, a logical unit LU0 is mapped onto a group consisting of a host group (HG #0) and the server (WWN1). The storage controller 1 a creates access property relationships between the ports in the switch and the server and registers them in a name server in the switch. A reference number 132 indicates a control table of the name server 132, in which zoning setting is performed for the group consisting of the port P#0 (switch) and WWN1 (server) and the group consisting of the port P#1 (switch) and WWN3 as shown with the arrow 14A in FIG. 14.

When the server (WWN1) logs into the switch, the storage controller 1 a accepts access from the port #1 of the server (WWN1) to the target WWN3. Even if the server WWN2 accesses the switch 130, the access is rejected and the server WWN2 is not allowed to access the storage controller 1 a because the sever WWN2 has no access target storage controllers set therefor.

FIG. 15 is a flowchart indicating the process where the storage controller registers access information in the switch. When the management console 4 sets access permission information in the storage controller 1 a (S1 in FIG. 13), the storage controller 1 a judges whether the switch is connected to the network 4A (1402, 1404).

The storage controller 1 a obtains the information for the name server 132 from the switch 130 (1406) and checks whether any WWN of its own ports is included in the name server information (1408). If there is a WWN of its own ports included in the information, it checks whether there is a WWN of a server for which the LUN security is set in the storage controller (1410). If these judgments are positive, the storage controller creates discovery information for the LUN security set for a certain single management unit (1412) and transmits the discovery information to the switch (1414). The name server in the switch then performs zoning based on the discovery information. Subsequently, the storage controller judges whether the discovery information is set in the switch for the LUN security set for all the management units (1416).

According to the third embodiment, the discovery information is automatically set in the switch by setting access permission in the storage controller. Therefore, it is possible to prevent degradation of the access performance in the storage control system, which is caused by undesirable login and repetition of retries from host computers. Incidentally, the management module in the present invention refers to the aforementioned iSNS server or the switch. 

1. A storage control system comprising: a host computer having one or more initiators; a storage controller having one or more targets and storage areas, and also having a security property for defining access relationships between the targets and the storage areas; and a management module for storing access correspondence relationships between the initiators and the targets, wherein, when the security property is set in the storage controller, the storage controller sets the access correspondence relationships in the management module based on the security property.
 2. A storage control system, in which a storage controller, a host computer, and a management module, having a first storage area defining access correspondence relationships between one or more targets in the storage controller and one or more initiators in the host computer, are connected to each other via a communication network, for controlling access between the initiators and the targets, wherein, the storage controller comprises: a port for receiving access from the host computer; a processor for processing information output from the port; a data storage apparatus for storing write data received from the host computer and/or read data transmitted to the host computer; and a second storage area for storing a LUN security property that defines correspondence relationships between the targets and one or more logical units in the data storage apparatus; and an access management list that defines correspondence relationships between the initiators and the targets, and wherein, the processor sets the access correspondence relationships in the storage area based on the access management list.
 3. The storage control system according to claim 2, wherein the access correspondence relationships stored in the first storage area include identification information for distinguishing the initiators from one another; identification information for distinguishing the targets from one another; and domain information in which initiators and corresponding targets are divided into groups.
 4. The storage control system according to claim 3, wherein the identification information is iSCSI names based on the iSCSI protocol and the management module is an iSNS server.
 5. The storage control system according to claim 2, wherein the access correspondence relationships stored in the first storage area are defined in a device information table including device information for the initiators and the targets.
 6. The storage control system according to claim 3, wherein the management module is a fabric in which access correspondence relationships between a WWN of an initiator and a WWN of a target are stored in the first storage area.
 7. The storage control system according to claim 2, wherein there is a plurality of paths for the storage controller to access the management module and the storage controller accesses the management module through the path with the lightest communication load.
 8. The storage control system according to claim 2, wherein the processor sets the access property in such a manner that an initiator is connected to a specified target for which LUN security is set.
 9. The storage control system according to claim 2, wherein the storage controller provides, between ports and logical units, management units that correspond to the targets and registers the correspondence relationships between the management units and the targets as well as the correspondence relationships between the management units and the logical units as the LUN security property in the second memory.
 10. The storage control system according to claim 9, wherein the correspondence relationships stored in the first storage area include identification information for distinguishing the initiators from one another, identification information for distinguishing the plural targets from one another, and domain information in which initiators and corresponding targets are divided into groups, and the storage controller sets identification symbols for respective groups included in the domain information, and establishes correspondence relationships between the initiators belonging to the groups and specified management units based on the identification symbols.
 11. The storage control system according to claim 10, wherein the storage controller creates the domain information based on the identification symbols and sets the domain information in the management module.
 12. The storage control system according to claim 4, wherein the iSNS server is provided in the storage controller.
 13. The storage control system according to claim 11, wherein the iSNS server can be accessed from a target in the storage controller as well as a target in a different storage controller. 